Session Management and Login Validation PHP

I would like to solved out the SESSION part in ALL files. SESSION is not working properely anymore. In addition, i need to solved out the javascript errors.

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

When user forgot the password, i need to send password by email AND save new password into the database. I have used md5 method. Please let me know password recovery by email. I have tried so many times to manage ALL the things. It is not working in expected manner.

// js.js
function validateForm()
{
    var testemail=document.forms["SignIn"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }
    var testpwd=document.forms["SignIn"]["pwd"].value;
    if (testpwd==null || testpwd=="")
    {
        alert("Password must be filled out");
        return false;
    }  
    if(testpwd.length<6)
    {
        alert("Length must be >=6 "); 
        return false;
    }
}

function validatenewuser() 
{
    var testemail=document.forms["SignUp"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }

    var testpassword=document.forms["SignUp"]["pwd"]["cnfmpwd"].value;
    var password = document.getElementById(pwd).value;
    var confirmpassword = document.getElementById(cnfmpwd).value;
    if (password == confirmpassword) 
    {
        alert("Password Match..!!");
        return false;
    } 
    else 
    {
        alert("Verify your password");
        return false;
    }
}

=================================================================================
//createaccount.php

<form method="post" name="SignUp" action="" onSubmit="return validate_newuser();">                   
    <table>
        <tr>
        <td> Your email address: </td>
        <td> <input type="text" id="txtEmail" name="txtEmail" required="required" /> </td>
        </tr>
        <tr>
        <td> Choose your Password: </td>
        <td> <input type="password" id="pwd" name="pwd" required="required" /> </td>
        </tr>
        <tr>
        <td> Confirm Password: </td>
        <td> <input type="password" id="cnfmpwd" name="cnfmpwd" required="required" /> </td>
        </tr>                    
    </table>
    <input type="submit" class="btnLogin" value="OK" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />
</form>          
=================================================================================
//login.php

<form method="post" name="SignIn" action="" onSubmit="return validateForm();">                           
    <table>
        <tr>
        <td> Enter your Email: </td>
        <td> <input type="text" name="txtEmail" /> </td>
        </tr>
        <tr>
        <td> Enter your Password:  </td>
        <td> <input type="password" name="pwd" autocomplete="off" /> </td>
        </tr>                
    </table>         
    <input type="submit" class="btnLogin" value="Go" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />

</form>  

=================================================================================
//dashboard.php  +  There are other pages like configure.php and profile.php

<?php
    session_start();
    include "config.php";  
    include kSERVERPATH."init.php";
?>
<html>
    <head>
        <script type="text/javascript" src="js.js" media="all" /></script>
    </head>
<body>

<?php
    $CON // connection works

    $txtEmail=$_POST['txtEmail'];
    $pwd=$_POST['pwd'];
    $cnfmpwd=$_POST['cnfmpwd'];
    $encrypt_password=md5($pwd);

    $query = " SELECT * FROM `users` WHERE `email` = '".$txtEmail."' ";
    $result = mysql_query($query);
    $NumResponse = mysql_num_rows($result);

    if($NumResponse>0)
    {
        echo "<script type='text/javascript'>\n";
        echo "alert('Already Registered..!! )\n";
        echo "</script>";
    }
    else if($pwd==$cnfmpwd)
    {          

        $query = "INSERT INTO `busyexpe`.`users` (`id_user`, `email`, `ref_lang`, `password`, `date_creation`, `date_updated`,          `pwdResetDate`) VALUES (NULL, '".$txtEmail."', '1', '".$encrypt_password."', NOW(), NOW(), NOW());" ;       
        $result = mysql_query($query) or die(mysql_error());;
        echo "<script type='text/javascript'>\n";
        echo "alert('Your account has been succesfully created..!!')\n";
        echo "</script>";
    }

=================================================================================

//logout.php

<?php
    session_start();
    session_destroy();
    header("Location: index.php");
?>

Thanks in advanced.

4

Contributors

12

Replies

3 Days

Discussion Span

3 Months Ago

Last Updated

17

Views

Question
Answered

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

What doesn't "work" you need be more specific!

Questions / points:

1) Does this even execute?

$CON // connection works

2) Don't use mysql_* these commands are being depreciated.

3) Where do you set the sessions? For example:

<?php
    session_start();
    $_SESSION['Phorce'] = "Phorce";


    echo "User: " . $_SESSION['Phorce'];

    session_destroy();

    echo "User: " . $_SESSION['Phorce'];

4) In "logout.php" if you want to destroy a session, why are you creating a new session just to destroy it? You create the session at the beginning of your script.

phorce

Master Poster

738 posts since Jul 2011

Reputation Points: 63

Solved Threads: 91

Skill Endorsements: 16

3 Months Ago

0

@PriteshP23

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

I think it has something to do with your <form> that has javascript in it.

You really shouldn't combine javascript with php like that.

LastMitch

Industrious Poster

4,212 posts since Mar 2012

Reputation Points: 134

Solved Threads: 336

Skill Endorsements: 45

3 Months Ago

0

@phorce

$CON // I mean to say i have successfully connected with database. It is not executable.
I will chage it.
I am not sure for SESSION logic.
I will put only session_destroy(); header("Location: index.php"); in logout.php

Please correct the code. Thanks in advanced.

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

@LastMitch

If you have ANY idea, do modification IN my code. I need urgent help in order to get the result.

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

@LastMitch
@phorce

I need your urgent help. Please let me know IF you have find mistake or another way to do so.

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

@PriteshP23 - We have our own lives, and, we choose to help people. It is rude (and probably against the rules) to demand you want your code looking at and fixing. You haven't even told us what is going wrong (What are the error messages? If any..)

NOTE: We don't have your server, nor access to your database and we are not compilers / intepreters that can just read through your code and process it. TELL US what is going wrong with the code.

phorce

Master Poster

738 posts since Jul 2011

Reputation Points: 63

Solved Threads: 91

Skill Endorsements: 16

3 Months Ago

0

@phorce

I am sorry if i had demanded and take your more time.

I have already mentioned that there is a problem in SESSION & JavaScript. It is not displaying error. IF it has other errors, i had already put it with my code.

I would like to know my mistake when i tried to create a session. Nothing else i required.

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

@PriteshP23

I am sorry if i had demanded and take your more time.

Like what phorce say regarding about members fixing codes.

It's a big No-No to demand members to fixed your code!

You really shouldn't post a another thread regarding about this issue:

http://www.daniweb.com/web-development/php/threads/446743/php-session-help

I find that very rude.

LastMitch

Industrious Poster

4,212 posts since Mar 2012

Reputation Points: 134

Solved Threads: 336

Skill Endorsements: 45

3 Months Ago

0

in login.php there is no php code.just you are doing validation in javascript.
But You are saving the Register people data in database.but u r nt comparing the input email & password values with saved values from database..then how u r redirecting the user to dashboard .php

varma51

Newbie Poster

19 posts since Jul 2012

Reputation Points: 0

Solved Threads: 2

Skill Endorsements: 0

3 Months Ago

0

@varma51

The thing is SESSION is not working. I have created session when user comes to dashboard.php page. I THINK Login page has nothing to do with session (php code).

I got the error:

Notice: Undefined index:

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

3 Months Ago

0

@PriteshP23 How do you expect SESSION to work, when you initialise a session, but, don't actually define anything as a session?

phorce

Master Poster

738 posts since Jul 2011

Reputation Points: 63

Solved Threads: 91

Skill Endorsements: 16

3 Months Ago

0

I have to SET session. That was missing in my code. Thank you all for your time and help..!!

<?php
if(isset ($_POST['form_action3'])){
        if  ($_POST['register']=="register_me")
        {
            $txtEmail = $_POST['form_action'];
            $pswd = $_POST['pswd'];
            $cnfmpswd = $_POST['cnfmpswd'];
            $encrypt_password = md5($pswd);

            $query = "";
            $result = mysql_query($query);
            $NumResponse = mysql_num_rows($result); 
            if($NumResponse>0)
            {
                echo "<script type='text/javascript'>\n";
                echo "alert('Already Registered..!! )\n";
                echo "</script>";
            }
            else{  
                $query = "";        
                $result = mysql_query($query) or die(mysql_error());;
                echo "<script type='text/javascript'>\n";
                echo "alert('Your account has been succesfully created..!!')\n";
                echo "</script>";
                include "dashboard.php";
            }
        }
    }   
?>

<body>
<form method="post" name="SignUp" action="" onSubmit="return validatenewuser();">                    
    <div class="divLogin">
    <table>
    <tr>
    <td> Your email address: </td>
    <td> <input type="text" id="form_action" name="form_action"  required="required" /> </td>
    </tr>
    <tr>
    <td> Choose your Password: </td>
    <td> <input type="password" id="pswd" name="pswd" required="required" /> </td>
    </tr>
    <tr>
    <td> Confirm Password: </td>
    <td> <input type="password" id="cnfmpswd" name="cnfmpswd" required="required" /> </td>
    </tr>                    
    </table>
    </div>

    <br /><div id="message">Nothing else required.</div><br />
    <input type="hidden" name="register" value="register_me" />

    <input type="submit" class="btnLogin" name="form_action3" value="OK" />

</form>          

</body>

PriteshP23

Junior Poster

113 posts since Oct 2012

Reputation Points: 0

Solved Threads: 0

Skill Endorsements: 0

Question Answered as of 3 Months Ago by phorce, LastMitch and varma51

Session Management and Login Validation PHP

This question has already been solved: Start a new discussion instead